Froedtert Health’s Workforce Health, a healthcare organization, and contractor Dynacare, a clinical laboratory services company, are working toward resolving a recent data breach involving Milwaukee city employees. Dynacare recently lost a USB flash drive that contained 6,000 Milwaukee employees’ data such as names, addresses, dates of birth, Social Security numbers and gender.
According to the Milwaukee Journal Sentinel, a Dynacare employee’s car was stolen with her purse in it, which held the flash drive, on October 22 and the breach included the names of 3,000 spouses and domestic partners. “Obviously, when we got this information, we were outraged,” Mayor Tom Barrett said to the Journal Sentinel. “How in God’s name could you put this information, this important information about city employees, on a flash drive? This should be secure information that is protected for city employees. We are very, very concerned, obviously, with the release of this.”
In statements since the breach was reported to the Milwaukee police department, Dynacare has yet to indicate why it waited until November 15 to alert city officials of the incident. In addition to a “comprehensive internal review of its policies and procedures”, Dynacare said it plans on further educating to its employees on the importance of safeguarding patient information. It would be assumed that holding 3,000 patients data on a thumb drive and leaving it in a car would be on the list of “Don’ts”. “Dynacare is committed to maintaining the privacy and security of the personal information it maintains, and it deeply regrets any inconvenience this may cause its patients,” the company statement said.
Although Dynacare doesn’t think that the flash drive was taken for the information it contained or that the information has been used by an unauthorized person, Thomas Moore, an engineer with Milwaukee Water Works, told the Journal Sentinel that he was notified by LifeLock, an identity theft protection company, on October 22, the day of the breach. LifeLock told him that someone had been using his name, date of birth and Social Security number to attempt to open a Verizon account that same day and the company was able to prevent the transaction.
Dynacare said it will send all affected patients a letter and offer them a free year of identity monitoring, but Milwaukee said it will continue to work with Froedtert Health to figure out how the incident occurred. This will include viewing both Dynacare and Froedtert’s investigations upon completion.